miniflux/ui/user.go

240 lines
5.6 KiB
Go
Raw Normal View History

2017-11-20 06:10:04 +01:00
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package ui
2017-11-20 06:10:04 +01:00
import (
"errors"
2017-11-28 06:30:04 +01:00
"github.com/miniflux/miniflux/http/handler"
2017-12-16 03:55:57 +01:00
"github.com/miniflux/miniflux/logger"
2017-12-13 06:48:13 +01:00
"github.com/miniflux/miniflux/model"
"github.com/miniflux/miniflux/ui/form"
2017-11-20 06:10:04 +01:00
)
2017-11-28 06:30:04 +01:00
// ShowUsers shows the list of users.
func (c *Controller) ShowUsers(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
args, err := c.getCommonTemplateArgs(ctx)
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-28 06:30:04 +01:00
users, err := c.store.Users()
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
users.UseTimezone(user.Timezone)
2017-11-22 03:30:16 +01:00
response.HTML().Render("users", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"users": users,
"menu": "settings",
}))
}
2017-11-28 06:30:04 +01:00
// CreateUser shows the user creation form.
func (c *Controller) CreateUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
args, err := c.getCommonTemplateArgs(ctx)
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:30:16 +01:00
response.HTML().Render("create_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"form": &form.UserForm{},
}))
}
2017-11-28 06:30:04 +01:00
// SaveUser validate and save the new user into the database.
func (c *Controller) SaveUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
args, err := c.getCommonTemplateArgs(ctx)
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:14:45 +01:00
userForm := form.NewUserForm(request.Request())
2017-11-20 06:10:04 +01:00
if err := userForm.ValidateCreation(); err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().Render("create_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"form": userForm,
"errorMessage": err.Error(),
}))
return
}
if c.store.UserExists(userForm.Username) {
2017-11-22 03:30:16 +01:00
response.HTML().Render("create_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"form": userForm,
"errorMessage": "This user already exists.",
}))
return
}
newUser := userForm.ToUser()
if err := c.store.CreateUser(newUser); err != nil {
2017-12-16 03:55:57 +01:00
logger.Error("[Controller:SaveUser] %v", err)
2017-11-22 03:30:16 +01:00
response.HTML().Render("edit_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"form": userForm,
"errorMessage": "Unable to create this user.",
}))
return
}
2017-11-22 03:37:08 +01:00
response.Redirect(ctx.Route("users"))
2017-11-20 06:10:04 +01:00
}
2017-11-28 06:30:04 +01:00
// EditUser shows the form to edit a user.
func (c *Controller) EditUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
args, err := c.getCommonTemplateArgs(ctx)
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
selectedUser, err := c.getUserFromURL(ctx, request, response)
if err != nil {
return
}
2017-11-22 03:30:16 +01:00
response.HTML().Render("edit_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"selected_user": selectedUser,
"form": &form.UserForm{
Username: selectedUser.Username,
IsAdmin: selectedUser.IsAdmin,
},
}))
}
2017-11-28 06:30:04 +01:00
// UpdateUser validate and update a user.
func (c *Controller) UpdateUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
args, err := c.getCommonTemplateArgs(ctx)
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
selectedUser, err := c.getUserFromURL(ctx, request, response)
if err != nil {
return
}
2017-11-22 03:14:45 +01:00
userForm := form.NewUserForm(request.Request())
2017-11-20 06:10:04 +01:00
if err := userForm.ValidateModification(); err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().Render("edit_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"selected_user": selectedUser,
"form": userForm,
"errorMessage": err.Error(),
}))
return
}
if c.store.AnotherUserExists(selectedUser.ID, userForm.Username) {
2017-11-22 03:30:16 +01:00
response.HTML().Render("edit_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"selected_user": selectedUser,
"form": userForm,
"errorMessage": "This user already exists.",
}))
return
}
userForm.Merge(selectedUser)
if err := c.store.UpdateUser(selectedUser); err != nil {
2017-12-16 03:55:57 +01:00
logger.Error("[Controller:UpdateUser] %v", err)
2017-11-22 03:30:16 +01:00
response.HTML().Render("edit_user", args.Merge(tplParams{
2017-11-20 06:10:04 +01:00
"menu": "settings",
"selected_user": selectedUser,
"form": userForm,
"errorMessage": "Unable to update this user.",
}))
return
}
2017-11-22 03:37:08 +01:00
response.Redirect(ctx.Route("users"))
2017-11-20 06:10:04 +01:00
}
2017-11-28 06:30:04 +01:00
// RemoveUser deletes a user from the database.
func (c *Controller) RemoveUser(ctx *handler.Context, request *handler.Request, response *handler.Response) {
2017-11-22 03:37:08 +01:00
user := ctx.LoggedUser()
2017-11-20 06:10:04 +01:00
if !user.IsAdmin {
2017-11-22 03:30:16 +01:00
response.HTML().Forbidden()
2017-11-20 06:10:04 +01:00
return
}
selectedUser, err := c.getUserFromURL(ctx, request, response)
if err != nil {
return
}
if err := c.store.RemoveUser(selectedUser.ID); err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return
}
2017-11-22 03:37:08 +01:00
response.Redirect(ctx.Route("users"))
2017-11-20 06:10:04 +01:00
}
func (c *Controller) getUserFromURL(ctx *handler.Context, request *handler.Request, response *handler.Response) (*model.User, error) {
2017-11-22 03:14:45 +01:00
userID, err := request.IntegerParam("userID")
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().BadRequest(err)
2017-11-20 06:10:04 +01:00
return nil, err
}
2017-11-28 06:30:04 +01:00
user, err := c.store.UserByID(userID)
2017-11-20 06:10:04 +01:00
if err != nil {
2017-11-22 03:30:16 +01:00
response.HTML().ServerError(err)
2017-11-20 06:10:04 +01:00
return nil, err
}
if user == nil {
2017-11-22 03:30:16 +01:00
response.HTML().NotFound()
2017-11-20 06:10:04 +01:00
return nil, errors.New("User not found")
}
return user, nil
}